Welcome to our comprehensive FAQ page, your one-stop destination for answers to the most common questions about Dependency Track SaaS and Software Health Indicator.
We’ve gathered and organized the most frequent inquiries to ensure that you have quick and easy access to the information you need. So, dive in, explore, and discover all the essential information about Dependency Track SaaS and Software Health Indicator right at your fingertips.
Frequently Asked Questions (FAQ)
There is no built-in limit to the number of software SBOMs that can be scanned. At this stage our database can follow up more than 187'000 vulnerabilities. It could as well follow up several thousands of applications.
Our license subscriptions have a limit, contact us for personalized offer if you need more.
Yes of course and you definitively should. Check our API documentation.
Those are not part of our standard support. We do have the competencies in house and can offer them upon specific project agreement.
Contact us for any special inquiries.
Yes, everything that you can do with the user interface can be automated through a REST API, see our documentation.
Check chapter Customer data in our SaaS agreement.
In your Dependency Track, under project, audit vulnerabilities, you can add a comment, categorise, justify and add details.
All information are kept in audit trail available only in your tenant.
You can extract the SBOMs using the guide in our cheat sheet documentation or ask your software supplier.
We offer different monthly and annual packages according to the number of users and project.
Check our Pricing page.
Our smart analysis engine ensures your applications risk scores are refreshed whenever needed, that is every time a new vulnerability is affecting one of your components.
New published vulnerabilities are imported at least once every day in your personal and private cloud database. By configuring alerts, you will be notified immediately if one of your components is at risk without even having to log into our solution.
- As a user, you can self administer your own account from the page
https://auth.yoursky.blue/realms/<YourTenant>/account/, replacing 'YourTenant' with the tenant name received during onboarding.
- Select 'Signing In'
- Then select 'Set up authenticator application' and follow the wizard
As an administrator, you can setup MFA as default policy for every users from the admin console.
You will receive an alert when new vulnerabilities impacting your personal projects are found. Target for alerts must be configured beforehand. We support natively Slack, Teams, emails and we can certainly target easily your preferred communication channel.
Antivirus and malware scanners detect malicious codes either at rest or just before execution. An agent needs to be installed on every computer. Such scanners detect the threats only when they are already in the system.
On the other hand, vulnerability scanners track known weaknesses based on a standardized description of all your software components (SBOM). Monitoring can be performed offline before the system is in production and highlight all potential vulnerabilities. It serves you to know better your system, focus on prioritized action plan to reach compliance goals, meaning you can invest time and resources where it is most needed to increase your security.
It is frequent that malware exploits known vulnerability. Fixing vulnerability is closing the door to most malware threats. It is a proactive action that works upstream from antivirus and malware scanners.
Antivirus and vulnerability scanners provide complementary lines of defense.
Updating software is essential and you should obviously keep doing it. This is, however, insufficient if you are not also keeping track of components which stop receiving regular updates.
Such components that are becoming slowly obsolete or abandoned will put you or your customers at risk. Without using an automated tool, people can barely keep track of first level components and will lack most of the deeply nested ones.
Our solution points out every components, including the deepest ones, which present security risks. The time and energy saved can then be invested more effectively to respond to remaining threats.
If you fully control the lifetime of a version and can ensure when it is no longer used across the globe (eg: Facebook website), then tracking all the versions ever published is not suitable. It is a special case for which it would be best to monitor only the current version.
You would select `Cloud - single version mode` during you order for this case.
It is possible to generate SBOM for pretty much any platform and technology you might think of. See our cheat sheet.
Even if you provide the same functionality on each platform, they rely on different software components (libraries) and might suffer from different vulnerabilities. For this reason you need to generate a SBOM for each platform you compile for.
As each platform is tracked individually and might have different release cycles, we require that you buy a different license for each platform.
This is detailed in our product page.
You will receive a personal email with information to access your personal and private Dependency Track instance with detailed instructions for your first steps.
Slack, Microsoft Teams, Webhooks, Webex by Cisco are supported notification platforms.
Check the Integration Overview Table.
Our solution monitors all the applications for which you sent us the SBOM. It is not limited and can therefore do so for your complete application portfolio if you wish. It will scan for vulnerabilities and licenses.
All the versions you submitted during the validity of your license will continue to be monitored for vulnerabilities. Your are even entitled to continue to use our indicator for those versions on your website. So whenever you stop paying the annual fee, the only thing you actually loose is the possibility to submit new SBOM.
Your score might diminishes as more vulnerabilities are found in the older versions.
Check our chapter termination in our SaaS Agreement.
Our solution is designed for businesses of all size which have the necessary maturity to focus on their entire supply chain. All software providers and proactive companies can beneficiate from our solution.
In our standard offers, we provide support to access the solution and store securely your data. We provide all the infrastructures and stop at the boundary of the software.
In particular, there is no support included to manage your data such as data transfers, data intelligence, data cleansing, security audit, ...
Those can be acquired separately if required, please contact us if you need our experts to assist you for those missions.
Currently the product is available in English only. Contact us if you need another language.
We are currently working on developing our social media strategy and content plan, and we plan to start posting content soon. We understand the importance of being active on social media and engaging with our audience, so we will be sharing updates on our progress on our website and other channels.
We encourage you to follow our social media accounts now to stay up to date with our progress and be the first to know when we start posting content. You can always contact us or use our social media accounts to reach out to us with any questions or feedback.
Our vulnerability scanner contributes immediately to increase your cybersecurity. Working upstream and as a complement to antiviruses you gain clear and deep knowledge over all potential security flaws affecting your applications.
Both are using the same version of the open source dependency track.
With the free version, you have to dedicate your own server resources and time.
With our cloud based solution, you get everything included: the solution is available and operational within a few minutes after ordering, configured for highest security standards. We operate the solution for you, take care of testing, upgrades, backups, we scale up when needed, and we provide direct assistance in case of difficulties. Your data is kept secured in a dedicated personal tenant.
As a bonus, you get access to a KeyCloak tenant preconfigured so that you can easily enable MFA or integrate with your existing user directory. This is not mandatory but we strongly believe this is an important feature for business who care about security and maintainability.
Finally we are expert of the solution and know how to operate it like no one else.
Let us know if there is anything else we can assist you with !Contact us